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Top Stories 

• Part of Route 18 in Canton Township, Pennsylvania, was closed for several hours April 21 
after an accident involving a semi-truck carrying diesel fuel and two other semi-trucks 
carrying fracking water which led to a spill of about 1,300 gallons of diesel fuel and 400 
gallons of fracking water. - WPXI 11 Pittsburgh; Pittsburgh Tribune-Review (See item 6) 

• Researchers identified a successful attack campaign that utilized the Heartbleed 
vulnerability to target an undisclosed organization’s virtual private network (VPN) and 
obtain VPN session tokens. - Dark Reading (See item 23 ) 

• The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an 
advisory warning that the Innominate mGuard firmware and several Siemens industrial 
control systems are vulnerable to the Heartbleed vulnerability. - Threatpost (See item 25 ) 

• Researchers released a paper outlining critical vulnerabilities in satellite communication 
gear from several major manufacturers that could allow attackers to disrupt or eavesdrop 
on communications. - CSO (See item 27 ) 
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Energy Sector 



1. April 18, Fort Myers News-Press - (Florida) Company fined for technique consistent 
with ‘fracking’ in Collier. Texas-based Dan A. Hughes Co., was fined $25,000 by the 
Florida Department of Environmental Protection (DEP) for its actions and was barred 
from using a drilling technique further at a well located at Hogan Island until the 
company completes a groundwater study, DEP stated April 18. The company 
performed the unpermitted technique for two days and ignored a cease-and-desist order 
from the DEP. 

Source: http://www.news-press.com/storv/life/outdoors/2014/04/18/dep-fines-oil- 
companv-for-unauthorized-drilling-procedure-consistent-with-fracking/7883931/ 

For additional stories, see items 6, 25, and 27 
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Chemical Industry Sector 

See item 25 
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Nuclear Reactors, Materials, and Waste Sector 

2. April 18, Tampa Bay Times - (Florida) Piece of errant metal in steam generator 
delays restart of St. Lucie nuclear plant. A piece of metal damaged a steam generator 
tube at the St. Lucie 2 nuclear power plant in Florida, causing a 2-week delay to the 
plant returning to service following its refueling outage. 

Source: http://www.tampabav.com/news/business/energv/piece-of-err ant-metal-in- 
steam-generator-delays-restart-of-st-lucie/2 175775 

For another story, see item 25 
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Critical Manufacturing Sector 

See item 25 
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Defense Industrial Base Sector 

3. April 20, Associated Press - (Tennessee) Tenn. ammunition plant explosion ruled 
accidental. Officials from the Bureau of Alcohol, Tobacco, Firearms, and Explosives 
reported that a preliminary investigation revealed that an April 16 explosion at the Rio 



- 2 - 



Ammunition facility in McEwen that left 1 dead and 3 injured was accidental. The 
Tennessee Occupational Safety and Health Administration is investigating to determine 
fault and whether there were any violations at the facility. 

Source: http://news.msn.com/us/tenn-ammunition-plant-explosion-ruled-accidental 
For additional stories, see items 25 and 27 
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Financial Services Sector 

4. April 18, Milwaukee Journal Sentinel - (Wisconsin) Menomonee Falls police arrest 3 
suspects in bank robbery. Two men accused of robbing a BMO Harris Bank branch in 
Menomonee Falls were arrested by police shortly after the robbery April 17. A bank 
employee accused of being an accomplice was also arrested the same day. 
Source: http://www.isonline.com/news/crime/menomonee-falls-police-arrest-2- 
suspects-in-bank-robbery-b99250798z 1-255759901 .html 
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Transportation Systems Sector 

5. April 21, Boston Globe - (New Hampshire) Small plane crashes at N.H. airport. The 
Federal Aviation Administration is investigating a small plane crash at Concord 
Municipal Airport in New Hampshire April 20 that destroyed the plane and left the 
pilot with minor injuries after gusty winds caused the plane to crash while landing. 
Source: http://www.bostonglobe.com/metro/2014/04/20/small-plane-crashes- 
airport/wS40W pMJf 8zzl7EiV dUKGFstory.html 

6. April 21, WPX1 11 Pittsburgh; Pittsburgh Tribune-Review - (Pennsylvania) Hazmat 
situation shuts down part of Route 18 in Washington Co. Part of Route 18 in 
Canton Township was closed for several hours April 21 after an accident in which a 
semi-truck carrying more than 2,500 gallons of diesel fuel rear-ended two other semi- 
trucks carrying fracking water, causing all three to overturn spilling about 1,300 gallons 
of diesel fuel and 400 gallons of fracking water into the roadway, storm water system, 
and Chartiers Creek. Officials contained the spill and are investigating the incident. 
Source: http://www.wpxi.com/news/news/local/hazmat-situation-shuts-down-part- 
route- 1 8-washingt/nfdxN/ 

7. April 21, KXAS 5 Fort Worth - (Texas) Two killed in crash along East Loop 820. 

East Foop 820 in Fort Worth was shut down for about 3 hours April 18 after 2 vehicles 
collided along the southbound lanes, killing 2 people. 

Source: http://www.nbcdfw.com/news/local/Two-Killed-in-Crash-Along-East-Foop- 
820-255805901 .html 



April 20, Associated Press - (Michigan) 2 men who died in experimental plane crash 
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ID’d. The Federal Aviation Administration is investigating after an experimental CJ-6 
plane crashed in a farm field in Shiawassee County’s Venice Township April 19, 
killing the pilot and passenger. 

Source: http://www.timesunion.com/news/article/2-men-die-as-small-plane-crashes-in- 
Michigan-field-5416306.php 

9. April 18, St. Louis Post-Dispatch - (Missouri) Westbound Highway 40 west of 
downtown scheduled to open at 9 a.m. The Missouri Department of Transportation 
shut down all lanes of Highway 40 (Interstate 64) westbound between Forest Park 
Avenue and Kingshighway for 12 hours April 18-19 due to ongoing construction work. 
Source: http://www.stltodav.com/news/local/metro/westbound-highway-is-closed-west- 
of-downtown-ovemight/article 28497379-153c-5a62-bbc6-bb4a9343d374.html 

10. April 17, Los Angeles Times - (California) State fines Bart $210,000 for lapses that 
led to rail worker deaths. The California Occupational Safety and Health 
Administration cited the Bay Area Rapid Transit District April 17 with three violations 
and proposed fines totaling $210,000 after investigating the death of 2 workers who 
were struck and killed by a fast- moving train in Walnut Creek during October 2013. 
Source: http://www.latimes.com/local/lanow/la-me-ln-bart-fined- 
20140417,0,7604441.story 

For another story, see item 27 
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Food and Agriculture Sector 

11. April 20, U.S. Department of Agriculture - (National) Missouri firm recalls hot dog 
products due to misbranding and undeclared allergens. The U.S. Department of 
Agriculture announced that Kraft Foods Group, Inc., recalled approximately 96,000 
pounds of its Oscar Mayer Classic Wieners due to mislabeling and undeclared milk. 

The products may contain Oscar Mayer Classic Cheese Dogs in the Classic Wieners’ 
packages. 

Source : http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health- 
alerts/recall-case-archive/archive/2014/recall-024-20 14-release 

12. April 19, U.S. Department of Agriculture - (National) Georgia firm recalls chicken 
breast tenders products due to misbranding and undeclared allergens. Prime Pak 
Foods recalled approximately 24,000 pounds of its Sugar Lake Farms fully cooked 
breaded chicken breast products due to misbranding and undeclared egg and wheat. 
Source : http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health- 
alerts/recall-case-archive/archive/2014/recall-023-20 14-release 

13. April 18, KXLY 4 Spokane - (Washington) Purina plant fined for safety violations 
after worker loses leg. The Washington Department of Labor and Industries issued 16 
citations to Purina’ s mill in East Trent after an October 2013 industrial accident at the 
facility resulted in a worker having his leg amputated. The company was ordered to pay 
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$1 1,520 in penalties. 

Source: http://www.kxly.com/news/spokane-news/osha-finds-mutliple-safety- 
violations-at-purina-plant/25558456 

14. April 18, U.S. Food and Drug Administration - (National) Whole Foods Market 
Southwest Region recalls mini butter croissants due to undeclared egg. Whole 
Food Market Southwest Region recalled 6-pack plastic containers of its mini butter 
croissants due to undeclared egg. 

Source: http://www.fda.gov/Safety/Recalls/ucm394021.htm 

15. April 18, Food Safety News - (Pennsylvania) Pennsylvania Health Department: 
Discard raw milk from Greenfield Dairy. The Pennsylvania Health Department 
warned April 18 that raw milk from Greenfield Dairy near Middleburg is likely 
contaminated with Listeria monocytogenes and should not be consumed. Raw milk 
sales at the farm were halted by State officials until two samples taken at least 24 hours 
apart test negative for the bacteria. 

Source: http://www.foodsafetvnews.com/2014/04/raw-milk-from-pennsvlvania-dairv- 
farm-found- with-listeria-and-should-be-discarded/ 
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Water and Wastewater Systems Sector 

16. April 21, Associated Press - (Iowa) Water shut off in small northern Iowa town. 
Plainfield residents in Bremer County were ordered to use bottled water indefinitely 
after city officials were forced to shut off the town’s water supply due to a water line 
break. 

Source: http://www.kcci.com/news/water-shut-off-in-small-northern-iowa- 
town/25576044 



For additional stories, see items 6 and 25 
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Healthcare and Public Health Sector 

17. April 20, CNN - (National) Heartbleed causes HealthCare.gov to change users’ 
passwords. Registered users of the U.S. national health insurance exchange Web site 
had their account passwords reset and were prompted to change their passwords as a 
precaution due to the Heartbleed vulnerability in OpenSSL. There was no indication 
that users’ personal information was at risk or any indication that the vulnerability had 
been used against the Web site. 

Source: http://politicalticker.blogs.cnn.com/2014/Q4/19/heartbleed-causes-healthcare- 
gov-to-change-users-passwords/ 

18. April 18, U.S. Food and Drug Administration - (National) Hospira announces 
voluntary nationwide recall of one lot of 1% Lidocaine HCI Injection, USP, due to 
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visible particulates. Hospira, Inc., announced April 18 a voluntary recall of one lot of 
its 1% Lidocaine HCI Injection, USP due to iron oxide particulates within the solution 
and embedded within the glass vial. If administered, the particles could either block the 
passage of the solution to the patient and delay therapy or pass from the catheter into 
the patient, causing local inflammation. 

Source: http://www.fda.gov/Safety/Recalls/ucm394020.htm 
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Government Facilities Sector 

19. April 18, Jasper Daily Mountain Eagle - (Alabama) Bomb threat shuts down 
courthouse. The Walker County Courthouse and annex in Jasper were evacuated for 
more than 2 hours April 17 after a bomb threat was phoned in to the courthouse. Police 
searched the building and cleared the scene after nothing suspicious was found. 

Source: http://www.mountaineagle.com/view/full story/24957855/article-Bomb-threat- 
shuts-down-courthouse?instance=main article 

20. April 17, KYW 3 Philadelphia - (Pennsylvania) Cheyney University cancels Friday 
classes due to water main break. Officials cancelled classes April 18 at Cheyney 
University in Pennsylvania due to a water main break that affected several buildings on 
campus. 

Source: http://philadelphia.cbslocal.com/2014/04/17/chevnev-university-cancels- 
friday-classes-due-to-water-main-break/ 

For another story, see item 27 
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Emergency Services Sector 

21. April 20, KMGH 7 Denver - (Colorado) 2 inmates escape minimum security prison 
camp in Englewood, Colorado. Authorities are searching for two inmates that escaped 
from the Federal Prison Camp in Englewood, Colorado, April 19. 

Source: http://www.thedenverchannel.com/web/kmgh/news/local-news/2-inmates- 
escape-minimum- securitv-prison-camp-in-englewood-colorado-0420 1 4 

22. April 20, Associated Press - (California) Prison officials searching for missing Calif, 
inmate. The California Department of Corrections and Rehabilitation is searching for 
an inmate that walked away from the Riverside County prison camp April 18 in 
Yucaipa. 

Source: http://sacramento.cbslocal.com/2014/04/20/prison-officials-searching-for- 
missing-calif-inmate/ 

For another story, see item 27 
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Information Technology Sector 

23. April 21, Dark Reading - (International) Heartbleed attack targeted enterprise VPN. 
Researchers at Mandiant identified a successful attack campaign that utilized the 
Heartbleed vulnerability in OpenSSL to target an undisclosed organization’s virtual 
private network (VPN) and obtain VPN session tokens. The attack began April 8, 
hijacked several active user sessions, and allowed the attackers to attempt to escalate 
their privileges within the organization. 

Sourcc: httn://www'. darkrcading.com/attacks-brcachcs/hcartblccd-attack-targctcd- 
enterprise-vpn-/d/d-id/l 204592 

24. April 19, Softpedia - (International) Sophos names spam-relaying “dirty dozen” 
countries for Q1 2014. Sophos released its list of top spam-relaying countries for the 
first quarter of 2014, with the U.S. accounting for the most spam by volume at 16 
percent of all spam, followed by Spain and Russia. 

Source: http://news.softpedia.com/news/Sophos-Names-Spam-Relaving-Dirtv-Dozen- 
Countries-for-Ql -2014-4385 17.shtml 

25. April 18, Threatpost - (International) ICS-CERT warns of Heartbleed 
vulnerabilities in Siemens gear. The Industrial Control Systems Cyber Emergency 
Response Team (ICS-CERT) issued an advisory warning that the Innominate mGuard 
firmware and several Siemens industrial control systems are vulnerable to the 
Heartbleed vulnerability in OpenSSL. Innominate issued a patch for the vulnerable 
firmware, while Siemens identified affected systems. 

Source: http://threatpost.corn/ics-cert-warns-of-heartbleed-vulnerabilities-in-siemens- 

gear/105554 

26. April 18, The Register - (International) Reddit users discover iOS malware threat. 
Reddit users identified a piece of malware for iOS devices known as Unflod Baby 
Panda which can target jailbroken iOS devices. Researchers at SektionEins found that 
the malware listens to SSL traffic and searches for Apple ID information to steal. 
Source: http://www.theregister.co.uk/2014/04/18/reddit users discover ios malware t 
hreat/ 



For another story, see item 27 

Internet Alert Dashboard 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 



27. April 18, CSO - (International) Major security flaws threaten satellite 
communications. Researchers at 10 Active released a paper outlining critical 
vulnerabilities in satellite communication gear from several major manufacturers that 
could allow attackers to disrupt or eavesdrop on communications systems used in the 
maritime, energy, aeronautics, and media industries as well as those used by 
government and emergency services. Affected manufacturers were notified and details 
will not be publicly released until the second half of 2014 to allow manufacturers to 
close the vulnerabilities. 

Source: http://www.networkworld.com/news/2014/041814-maior-securitv-flaws- 
threaten-satellite-280848 .html 
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Commercial Facilities Sector 

28. April 21, WTLV 12 Jacksonville; WJXX 25 Orange Park - (Florida) Car hits packed 
Florida church, injuring 21. Police responded to the Second Haitian Baptist Church 
in Fort Myers April 20 after the driver of a vehicle crashed into the building when the 
car’s brakes allegedly failed. Eighteen people were transported to area hospitals and 
three others were treated at the scene for injuries. 

Source: http://www.firstcoastnews.com/story/news/2014/04/21/car-hits-packed-church- 
easter-sunday/7954497/ 

29. April 21, KXAN 36 Austin - (Texas) Man dies in north Austin apartment fire. About 
30 residents of the Quail Run Apartment complex in Austin were displaced after a fire 
broke out April 21 and firefighters had cut power to the building as a precaution. One 
man was killed by the fire. 

Source: http://kxan.com/2014/04/21/victim-pulled-from-north-austin-apartment-fire/ 

30. April 19, Baltimore Sun - (Maryland) Food poisoning investigated at food safety 
summit in Baltimore. State and local health officials are investigating a possible food 
poisoning outbreak during the Food Safety Summit held at the Baltimore Convention 
Center April 7-10 following reports that four attendees were sickened after they had 
eaten a meal at the venue on April 9. 

Source: http://articles.baltimoresun.com/2014-04-19/news/bs-md-ci-food-safety- 
20140419 1 food-poisoning-baltimore-health-health-officials 

31. April 17, Reuters- (National) Lowe's to pay $500,000 in EPA lead paint settlement. 

Federal authorities announced April 17 that Lowe’s Home Centers agreed to pay a 
$500,000 penalty to resolve an investigation into allegations that the company violated 
federal rules governing lead pain exposure. Lowe’s also agreed to implement a 
compliance program at more than 1,700 stores nationwide. 
Source: http://www.reuters.com/article/2014/04/17/us-usa-epa-lowes- 
idUSBREA3G 10020 1404 17 
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Dams Sector 



32. April 20, Associated Press; Helena Independent Record - (Montana) State repairs to 
Toston dam cost about $2M. The Montana Department of Natural Resources and 
Conservation approved a nearly $2 million plan to replace all the bladders on the 
Toston Dam (Broadwater Dam) and add additional piping and valves that will enable 
dam operators to isolate bladders if they fail, following a September 2012 seam failure 
in Bay 6. Crews expect to have repairs completed by July. 

Source: http://helenair.com/news/state-and-regional/state-repairs-to-toston-dam-cost- 
about-m/article d5392cea-6825-59a9-b38c-1386fdbc594b.html 



For another story, see item 25 
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About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] 
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily 
Open Source Infrastructure Report is archived for 10 days on the Department of Homeland Security Web site: 
http://www.dhs.gov/IPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US -CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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